An XXE issue was discovered in PHPSHE 1.7, which can be used to read any file in the system or scan the internal network without authentication. This occurs because of the call to wechat_getxml in include/plugin/payment/wechat/notify_url.php.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://gitee.com/koyshe/phpshe/issues/ITC0C |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-03-14T01:00:00
Updated: 2024-08-04T22:01:54.149Z
Reserved: 2019-03-13T00:00:00
Link: CVE-2019-9761
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-03-14T02:29:00.280
Modified: 2019-03-14T12:15:16.180
Link: CVE-2019-9761
Redhat
No data.